Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Businesses China Government

Massive, China-State-Funded Hack Hits Companies Around the World, Report Says (arstechnica.com) 99

An anonymous reader quotes a report from Ars Technica: Researchers have uncovered a massive hacking campaign that's using sophisticated tools and techniques to compromise the networks of companies around the world. The hackers, most likely from a well-known group that's funded by the Chinese government, are outfitted with both off-the-shelf and custom-made tools. One such tool exploits Zerologon, the name given to a Windows server vulnerability, patched in August, that can give attackers instant administrator privileges on vulnerable systems. Symantec uses the code name Cicada for the group, which is widely believed to be funded by the Chinese government and also carries the monikers of APT10, Stone Panda, and Cloud Hopper from other research organizations. The group has been active in espionage-style hacking since at least 2009 and almost exclusively targets companies linked to Japan. While the companies targeted in the recent campaign are located in the United States and other countries, all of them have links to Japan or Japanese companies.

The attacks make extensive use of DLL side-loading, a technique that occurs when attackers replace a legitimate Windows dynamic-link library file with a malicious one. Attackers use DLL side-loading to inject malware into legitimate processes so they can keep the hack from being detected by security software. The campaign also makes use of a tool that's capable of exploiting Zerologon. Exploits work by sending a string of zeros in a series of messages that use the Netlogon protocol, which Windows servers use to let users log into networks. People with no authentication can use Zerologon to access an organization's crown jewels -- the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network. Microsoft patched the critical privilege-escalation vulnerability in August, but since then attackers have been using it to compromise organizations that have yet to install the update. Both the FBI and Department of Homeland Security have urged that systems be patched immediately. Among the machines compromised during attacks discovered by Symantec were domain controllers and file servers. Company researchers also uncovered evidence of files being exfiltrated from some of the compromised machines.

This discussion has been archived. No new comments can be posted.

Massive, China-State-Funded Hack Hits Companies Around the World, Report Says

Comments Filter:
  • We only saw this shit with Code Red, Nimda, SQL Slammer and all the dumbass NetBIOS shit. Just patch your stuff, idiots. Or get owned.
  • by Anonymous Coward

    Enough is enough. It's time to hire a ton of really experienced folks to rewrite most of the libs that were produced by your code campers over the last three decades. And while you're at it go ahead and pull the trigger on replacing the kernel sooner rather than later.

    Please get serious about security, you're endangering the economic freedom of millions of people around the globe.

    • Oh come on, when you're dealing with that much code, flaws will exist. When I look at the weekly vulnerability reports, there's always a ton of open source projects on there. It is inevitable that large code bases will have vulnerabilities no matter how many experienced eyes are on it.
  • by Anonymous Coward on Wednesday November 18, 2020 @10:48PM (#60741428)

    While slashdot quickly publish hacking reports that are "the most likely" funded by the Chinese government, it turns a blind eye [slashdot.org] to the the even more likely report of NSA hacking [datacenterdynamics.com]:

    Reports in the Danish media allege that the United States National Security Agency (NSA) spied on Denmark’s government and companies [thedrive.com], including the Ministry of Finance, the Ministry of Foreign Affairs and its defense industry firm Terma, as well as other European defense contractors Eurofighter GmbH and Saab, in an attempt to gain information on its fighter acquisition program that was eventually won by the U.S.-made Lockheed Martin F-35. Allegedly, the NSA sought to conduct espionage [ab]using an existing intelligence-sharing agreement between the two countries. Under this agreement, it is said the NSA is able to wiretap fiber-optic communication cables passing through Denmark and stored by the Danish Defense Intelligence Service, or Forsvarets Efterretningstjeneste (FE). This occurred in light of highened scrutiny of the nation's internet and telecom infrastructures. In June, Denmark said it want to be able to exclude 5G technology suppliers from providing critical infrastructure in Denmark if they are not from countries considered security allies, apparently targeting Chinese telecom vendors Huawei and ZTE. “In order to protect Denmark and the Danes, we want to collaborate with someone with whom we already have alliances,” Minister of Defence Trine Bramsen told reporter.

    • Why can't RWNJs use the adjective "biased"? Because they're stupid, halfwitted, dullards. Donny lost, get over it.
      • by DarkOx ( 621550 )

        Stop lying. I certainly looks like Donny will lose but there are 270 electors associated with states that have certified their elections and assigned said electors yet. The race isn't over and Biden's lead though very like insurmountable does continue to narrow.

    • by Tailhook ( 98486 ) on Thursday November 19, 2020 @01:12AM (#60741670)

      These Danes used the same lines they'd previously agreed to allow the US to tap at will. They used them to discuss the acquisition of front line fighter aircraft and took no precautions at all. Not spying on these idiots would mean we wouldn't know what our enemies were learning while they also spied on our bonehead, romper room 'allies.'

      Literally the NSA's job and no apologies will be forthcoming from the US. At least not until Biden is in office.

      • by gtall ( 79522 )

        At least Biden will listen to the NSA rather than Putin like currently his Poodle.

      • These Danes used the same lines they'd previously agreed to allow the US to tap at will. They used them to discuss the acquisition of front line fighter aircraft and took no precautions at all. Not spying on these idiots would mean we wouldn't know what our enemies were learning while they also spied on our bonehead, romper room 'allies.'

        Literally the NSA's job and no apologies will be forthcoming from the US. At least not until Biden is in office.

        To be perfectly honest the whole operation was completely unnecessary. It was born out of US paranoia and insecurity and nothing else. There was never the slightest chance that the RDAF or RNAF would buy anything other than the F-35. EADS eventually pulled out lf the competitions saying as much, i.e. that these competitions were basically political theatre aimed at convincing the Danish and Norwegian public that the F-35 purchase wasn't a foregone conclusion. Both countries had sunk far too much money into

    • by rossz ( 67331 )

      It's so easy to spot the CCP sock puppet.

  • Disconnect (Score:3, Interesting)

    by hoofie ( 201045 ) <mickey@[ ]se.com ['mou' in gap]> on Wednesday November 18, 2020 @10:53PM (#60741444)

    Why don't we just start severing internet connectivity to China ? Granted there are multiple paths but some blocking might at least send a message.

    • Re: (Score:3, Interesting)

      Comment removed based on user account deletion
      • Re:Disconnect (Score:4, Insightful)

        by ahodgson ( 74077 ) on Thursday November 19, 2020 @12:04AM (#60741576)

        lol. China has been stealing IP and hacking everything they can reach for decades. We were just too dumb to recognize them for the enemy.

        • Re: (Score:1, Flamebait)

          Comment removed based on user account deletion
          • Re:Disconnect (Score:5, Insightful)

            by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday November 19, 2020 @08:02AM (#60742236) Homepage Journal

            Before this bullshit trade war Slashdotters almost universally bemoaned the US spreading their godawful IP laws across the planet.

            That's primarily about copyright, and software patents.

            What a difference one demagogue and a willing media horde can make.

            We were having these same arguments under several prior administrations.

            According to Slashdot these days the Chinese are too useless to invent anything,

            It's not just these days, and China hasn't independently invented anything of consequence in literally millennia. They may have put the finishing touches on some things, but e.g. Huawei is well-known for industrial espionage. Once you become known for cheating, no one will ever believe again that you aren't doing it constantly.

            FFS, every second engineer and scientist working in America is fucking Chinese you dopey racist fucks.

            It's not about race, tiger. It's about culture and government. They're not unable to invent things independently because of their genetic background. They're hamstrung by a system that hammers down what sticks up. Their government long ago reached the "self-perpetuation by any means" stage. This is known to be harmful to creativity, a critical problem-solving skill.

      • China has been our enemy since the 1950's. People are only now realizing it again.

    • Internet is supposed to be opened for everyone. Shut China out to isolate the Chinese, cut them from the global information, have the country close in on itself and help it to develop a sense of war.
  • Don't use a system that has DLLs.
    • by Anonymous Coward

      Don't use a system that has DLLs.

      You would think that Microsoft would have learned their lesson with the fiasco of activex controls, xp and their servers, but no the concept of a communications sandbox is beyond their current capabilities.

      .Net in IS and local nets are a fucking curse, if holes in memory anywhere can then easily be exploited by anyone rather than just being a run of the mill ho hum script kiddy annoyance DDOS magnet. Almost as bad Danny Drop Tables and activex holes in a simple spread sheets for heavens sake. Open your Wi

    • Statically link all the things!
      • Statically link all the things!

        Instead of 15 GB, Win 10 would be 15 TB on disk and require 4 TB of RAM.

        • I wonder if our species is far enough along on the road to Idiocracy to accept "bigger" as a selling point for software...
          • I wonder if our species is far enough along on the road to Idiocracy to ...

            Idiocracy? Not far at all. Just look at the elections...

  • It never ceases to amaze me that, with so many examples of this nature before them, hacks, ransomware, viruses, on and on and on some more, and people still consider Microsoft operating systems to be suitable for business purposes.

    I question if it's suitable for any purpose, actually, but businesses depend on this stuff. Really? In what universe is this supposed to make any sense at all?

    • your right - but name an alternate to MS Office?
      including calendars, email, AD, etc

      nothing is out there - seriously.

      • by gtall ( 79522 )

        I'm on a Mac, I never felt the need to have all my crapola centralized and packaged for MS's enjoyment. The only time I use the abomination called Word is when some higher up relies upon it. It's always a clusterfuck to get a document to look correct. Excel is another pile of rat droppings. Exchange...ack, I'd rather eat a broom.

        Not sure about AD, but I doubt centralizing like it does is anything more than presenting a honey pot for the black hats.

        • I'm on a Mac, I never felt the need to have all my crapola centralized and packaged for MS's enjoyment.

          What does that mean? What relevance could it conceivably have? Microsoft Office is bundled and packaged for M$' profit, but it's a shockingly reasonable thing to do given that so many businesses use the whole stack of apps.

          [various complaints about office apps]

          They're not perfect for sure, but they do have their benefits. Excel in particular is much more pleasant to use than Calc, because of basic interface behaviors. Calc may be much more capable, but it's also much more irritating. Word peaked IMO around 5.1 (back when it was just a word proc

    • I'm inclined to agree, but I guess a lot of shops start out "to small for anyone to care about" and then gradually get bigger - and keep their crappy Windows systems as they do so. By the time they realise, they absolutely are big enough for someone to think it worth trying to extort them, or to steal their data, but they didn't make the switch to a half way sane OS.

      Of course, the lesson really is that anyone is "big enough" because the cost of attack is very low. Any issues with your systems or data will c

  • by JabrTheHut ( 640719 ) on Thursday November 19, 2020 @12:07AM (#60741590)

    ...most likely from... both off-the-shelf and custom-made tools...Cicada... widely believed... APT10, Stone Panda, and Cloud Hopper...

    While I don't doubt that the Chinese government funds hackers, the above is vague and unconfirmed, and could well be done by anyone using a VPN. In fact, I'm really surprised they are not using a VPN, I thought that was hacking 101.

    There seems to be a push to paint Chinese hackers as uniquely bad, but I know that almost every government runs hacking teams these days. For example, we all know for a fact that the Australian government hacks the computers of allies in order to get advantage for Australian companies and multi-nationals who have an office in Australia (Woodside is a name that springs to mind). They also run child porn sites, selectively ignore terrorists based on the colour of their skin and imprison journalists who report on war crimes. Yet that is somehow seen as fine while Chinese hackers are beyond the pale.

    Accountability is gone so governments can do what they like to their people, while Western nations have decided that there are no moral or legal boundaries any more so they can do anything outside their borders with impunity. The rest of the world is following. Why are we surprised? Is the Chinese government doing anything that the US, Australia or UK is not doing right now?

    • Its no big deal, western moralities/legalities are so questionably obtuse that its almost painful. We are doing it to ourselves by not accepting realities and empowering fantasies.
  • And by that, I mean do these groups really have the backing of the government ?

    It's certainly possible, but it seems just as likely that these are simply criminal crackers doing crime.

    And with the US executive branch unable to tell the truth about anything, I'm kind of wondering what the independent verification is that the government of China is actually behind these groups.

    Also, how much of this sort of thing is going on _against_ China with the backing of the CIA (or NSA) ? You know they have to be invo

  • "The hackers, most likely from a well-known group that's funded by the Chinese government". people are rightly skeptical of news sources these days, this isn't helping. would it have killed you to verify the information before posting? by all means report a hack,it's good information, but let's not go crazy and promote suspicions as fact. that's how these things start. how exactly are we identifying it was a chinese government source? as in, how?
    • by gtall ( 79522 ) on Thursday November 19, 2020 @04:33AM (#60741952)

      " people are rightly skeptical of news sources " I don't think so. Western news organizations are fairly good at adhering to the truth. The alleged administration on the other hand wants to discredit those organizations because they cannot stand adult oversight.

      • Western news organizations are now torn between political activism and a desire for profit. They don't care much about truth anymore. But then, from my experience, very few people in the West still care about truth. So I guess we just have the news organizations that we deserve.

    • "The hackers, most likely from a well-known group that's funded by the Chinese government". people are rightly skeptical of news sources these days, this isn't helping. would it have killed you to verify the information before posting? by all means report a hack,it's good information, but let's not go crazy and promote suspicions as fact. that's how these things start. how exactly are we identifying it was a chinese government source? as in, how?

      They included the words "most likely", most likely after comparing attack types/signatures from known proven APTs. This isn't exactly difficult to technically deduce beyond mere politics.

      And would it have killed you to understand your own words when you say "by all means report a hack"? I understand your point to an extent, but let's not go crazy and start accusing others of promoting suspicion when you demand the info by all means. That would most likely mean they'll do the best they can to validate in

  • Why do we keep dealing with that shithole country? Even Bernie Sanders wanted to cut them off. If the west needs sweatshops, there are plenty of other countries willing to do the work.
    • by gtall ( 79522 )

      "We"? I don't recall having much of a voice in how companies source their supply chains. Now the U.S. could try to mandate they relocate them. But the R's in Congress have an aversion to forcing companies to follow government dictates and this smacks of a centrally planned economy.

      One could always go the trade war route. Except the alleged administration is trying, but that seems to amount to paying U.S. farmers for their lost exports to China. So the taxpayers are funding the trade war. I don't see the all

    • Because the US consumer likes to buy cheap televisions, computers, and other things. Whether they last till you get them unpacked is not as material as the cost point. When another country provides cheap enough skilled labor and plant guarantees or outright building the plants to get business and similiar shipping costs along with stability (no revolutions or threat of unexpected loss of plant fixed costs to government takeover), manufacturing will move there without politicians needing to do much of anythi

  • But yeah, sure, let's allow Huawei's 5G networking equipment to be deployed in the UK. What could possibly go wrong?

  • by sabbede ( 2678435 ) on Thursday November 19, 2020 @10:13AM (#60742736)
    Apparently the first thing they do is turn around and attack you for it. Japan signed onto a deal with them and China shows its appreciation by launching cyber attacks. The US signs a deal with them and China starts shipping sick people all over the world.

    So, I guess the first thing China does when you enter a trade deal with them is to export some kind of virus back to you.

  • Nice counter-point to the other China article in today's /. newsfeed, posted less than an hour later than this...
    "China's Xi Jinping Warns Against Protectionism in Apparent Swipe at US"

  • When are we going to admit we're in a cyber war and go on the offensive? We have lots of hackers in this country, some of whom have committed crimes on the internet. Let's recruit some of these people and turn them loose on these countries attacking us in cyberspace and they will be happy to be paid to engage in their favorite hobby to our benefit rather than our detriment.
  • Ok, this is /. so FUCK CHINA!

Life is a game. Money is how we keep score. -- Ted Turner

Working...